Solve : Application cannot be executed. The file...is infected.?

1.	Solve : Application cannot be executed. The file...is infected.?
Answer» Please run a free online scan with the ESET Online Scanner Tick the BOX next to YES, I accept the Terms of Use Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan (This scan can take several hours, so please be patient) Once the scan is completed, you may close the window Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic I am having trouble getting the scan started. I am getting a message saying "Can not get update. Is proxy configured?". Should I reconfigure it (since I previously disabled for the last scan)?No. Weird. Hi Download OTL to your Desktop. (If you ALREADY have it downloaded, then just follow the instructions below). Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Under the Custom Scan box paste this in %systemroot%\. /mp /s %systemroot%\system32\.dll /lockedfiles %systemroot%\system32\.exe /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\system32\drivers\.sys /lockedfiles %systemroot%\System32\config\.sav %systemroot%\system32\.sys %systemroot%\system32\drivers\.dll %systemroot%\system32\drivers\.ini %systemroot%\system32\drivers\.exe %SYSTEMDRIVE%\. %PROGRAMFILES%\. %appdata%\.* netsvcs msconfig safebootminimal safebootnetwork activex drivers32 /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys disk.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys usbstor.sys /md5stop CREATERESTOREPOINT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\|LastSuccessTime /rs Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time Here is the first half of the OTL.Txt file: OTL logfile created on: 5/13/2010 5:44:35 PM - Run 2 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Kelly\Desktop\Virus Removal Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 958.00 Mb Total Physical Memory \| 289.00 Mb Available Physical Memory \| 30.00% Memory free 2.00 Gb Paging File \| 1.00 Gb Available in Paging File \| 45.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 138.98 Gb Total Space \| 45.46 Gb Free Space \| 32.71% Space Free \| Partition Type: NTFS Drive D: \| 10.07 Gb Total Space \| 9.99 Gb Free Space \| 99.21% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FRANCESCA Current User Name: Kelly Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/02 22:40:01 \| 000,570,880 \| ---- \| M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\Virus Removal\OTL.exe PRC - [2009/10/23 13:31:44 \| 000,401,920 \| ---- \| M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe PRC - [2009/10/23 13:31:44 \| 000,326,144 \| ---- \| M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe PRC - [2009/08/22 02:32:54 \| 000,117,640 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe PRC - [2009/07/02 19:02:45 \| 000,296,208 \| ---- \| M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe PRC - [2009/05/19 11:36:18 \| 000,240,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/04/11 02:27:58 \| 001,169,408 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2009/04/11 02:27:36 \| 002,926,592 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/28 14:54:23 \| 001,529,856 \| ---- \| M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe PRC - [2008/01/19 03:38:38 \| 001,008,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/07/16 11:58:02 \| 001,524,512 \| ---- \| M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007/06/06 11:35:02 \| 000,270,336 \| ---- \| M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe PRC - [2007/01/04 17:38:08 \| 000,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe ========== Modules (SafeList) ========== MOD - [2010/05/02 22:40:01 \| 000,570,880 \| ---- \| M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\Virus Removal\OTL.exe MOD - [2009/04/11 02:21:38 \| 001,686,016 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/19 03:33:00 \| 000,110,592 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2009/10/23 13:31:44 \| 000,401,920 \| ---- \| M] (Amazon.com) [Auto \| Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent) SRV - [2009/09/24 21:27:04 \| 000,793,088 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/22 02:32:54 \| 000,117,640 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus) SRV - [2009/07/02 19:02:45 \| 000,296,208 \| ---- \| M] (Alcatel-Lucent) [Auto \| Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost) SRV - [2009/05/19 11:36:18 \| 000,240,512 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/01/19 03:38:24 \| 000,272,952 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/07/16 11:58:02 \| 001,524,512 \| ---- \| M] (Cisco Systems, Inc.) [Auto \| Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007/01/09 17:55:34 \| 000,110,592 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [On_Demand \| Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/01/04 17:38:08 \| 000,024,652 \| ---- \| M] (Viewpoint Corporation) [Auto \| Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) ========== Driver Services (SafeList) ========== DRV - [2010/05/11 04:00:00 \| 001,347,504 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100513.002\NAVEX15.SYS -- (NAVEX15) DRV - [2010/05/11 04:00:00 \| 000,085,552 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100513.002\NAVENG.SYS -- (NAVENG) DRV - [2010/02/03 21:02:30 \| 000,482,432 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP) DRV - [2009/10/28 18:37:22 \| 000,343,088 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSvix86.sys -- (IDSVix86) DRV - [2009/08/31 19:38:28 \| 000,124,976 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/08/27 04:00:00 \| 000,371,248 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/08/27 04:00:00 \| 000,102,448 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/08/22 02:32:55 \| 000,310,320 \| ---- \| M] (Symantec Corporation) [File_System \| Boot \| Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA) DRV - [2009/08/22 02:32:55 \| 000,308,272 \| ---- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP) DRV - [2009/08/22 02:32:55 \| 000,259,632 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009/08/22 02:32:55 \| 000,217,136 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI) DRV - [2009/08/22 02:32:55 \| 000,089,904 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW) DRV - [2009/08/22 02:32:55 \| 000,048,688 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009/08/22 02:32:55 \| 000,043,696 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009/08/22 02:32:45 \| 000,025,648 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009/04/11 00:45:24 \| 000,113,664 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2009/01/30 19:23:30 \| 000,021,248 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2009/01/30 19:23:30 \| 000,020,096 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/03/03 11:32:00 \| 000,188,416 \| ---- \| M] (Conexant Systems Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008/01/16 16:01:01 \| 000,047,616 \| ---- \| M] (Aladdin Knowledge Systems) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2007/10/13 00:50:00 \| 001,044,984 \| ---- \| M] (Broadcom Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2007/10/13 00:50:00 \| 001,044,984 \| ---- \| M] (Broadcom Corp.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2007/09/19 21:05:00 \| 007,626,400 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/08/08 21:42:08 \| 000,045,568 \| ---- \| M] (REDC) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/08/01 08:42:32 \| 000,164,864 \| ---- \| M] (Conexant Systems Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007/07/30 12:54:02 \| 000,038,400 \| ---- \| M] (REDC) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/07/30 11:42:58 \| 000,043,008 \| ---- \| M] (REDC) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007/07/16 11:57:12 \| 000,306,299 \| ---- \| M] (Cisco Systems, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007/07/10 07:27:56 \| 000,008,704 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/07/07 01:58:56 \| 000,155,136 \| ---- \| M] (Alps Electric Co., Ltd.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/06/20 04:29:56 \| 000,984,064 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007/06/20 04:28:34 \| 000,208,896 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007/06/20 04:28:22 \| 000,660,480 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007/03/06 09:15:58 \| 001,059,112 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/02/16 04:50:32 \| 000,012,032 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/01/31 13:45:06 \| 000,127,376 \| ---- \| M] (Deterministic Networks, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 15:28:02 \| 000,005,275 \| ---- \| M] (Cisco Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/11/30 13:24:58 \| 000,008,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| System \| Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/11/22 11:01:48 \| 000,693,760 \| ---- \| M] (Aladdin Knowledge Systems Ltd.) [Kernel \| Auto \| Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006/11/22 11:01:48 \| 000,100,096 \| ---- \| M] (Aladdin Knowledge Systems Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2006/11/22 11:01:46 \| 000,327,168 \| ---- \| M] (Aladdin Knowledge Systems Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2006/11/02 05:51:45 \| 000,900,712 \| ---- \| M] (QLogic Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 05:51:38 \| 000,420,968 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 05:51:34 \| 000,316,520 \| ---- \| M] (Emulex) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 05:51:32 \| 000,297,576 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 05:51:25 \| 000,235,112 \| ---- \| M] (ULi Electronics Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 05:51:25 \| 000,232,040 \| ---- \| M] (Intel Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 05:51:00 \| 000,147,048 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 05:50:45 \| 000,115,816 \| ---- \| M] (Promise Technology, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 05:50:41 \| 000,112,232 \| ---- \| M] (VIA Technologies Inc.,Ltd) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 05:50:35 \| 000,106,088 \| ---- \| M] (QLogic Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 05:50:35 \| 000,098,408 \| ---- \| M] (Promise Technology, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 05:50:35 \| 000,098,408 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 05:50:24 \| 000,088,680 \| ---- \| M] (NVIDIA Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 05:50:19 \| 000,045,160 \| ---- \| M] (IBM Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 05:50:17 \| 000,041,576 \| ---- \| M] (Intel Corp./ICP vortex GmbH) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 05:50:16 \| 000,071,784 \| ---- \| M] (Silicon Integrated Systems) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 05:50:13 \| 000,040,040 \| ---- \| M] (NVIDIA Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 05:50:11 \| 000,071,272 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 05:50:10 \| 000,067,688 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 05:50:10 \| 000,065,640 \| ---- \| M] (LSI Logic) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 05:50:10 \| 000,038,504 \| ---- \| M] (Silicon Integrated Systems Corp.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 05:50:10 \| 000,037,480 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 05:50:09 \| 000,067,688 \| ---- \| M] (Adaptec, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 05:50:09 \| 000,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 05:50:07 \| 000,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 05:50:05 \| 000,065,640 \| ---- \| M] (LSI Logic) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 05:50:05 \| 000,035,944 \| ---- \| M] (LSI Logic) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 05:50:04 \| 000,065,640 \| ---- \| M] (LSI Logic) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 05:50:03 \| 000,034,920 \| ---- \| M] (LSI Logic) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 05:49:59 \| 000,033,384 \| ---- \| M] (LSI Logic Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 05:49:56 \| 000,031,848 \| ---- \| M] (LSI Logic) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 05:49:53 \| 000,028,776 \| ---- \| M] (LSI Logic Corporation) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 05:49:30 \| 000,017,512 \| ---- \| M] (VIA Technologies, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 05:49:28 \| 000,016,488 \| ---- \| M] (CMD Technology, Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 05:49:20 \| 000,014,952 \| ---- \| M] (Acer Laboratories Inc.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 04:25:24 \| 000,071,808 \| ---- \| M] (Brother Industries Ltd.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 04:24:47 \| 000,011,904 \| ---- \| M] (Brother Industries Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 04:24:46 \| 000,005,248 \| ---- \| M] (Brother Industries, Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 04:24:45 \| 000,013,568 \| ---- \| M] (Brother Industries, Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 04:24:44 \| 000,062,336 \| ---- \| M] (Brother Industries Ltd.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 04:24:44 \| 000,012,160 \| ---- \| M] (Brother Industries Ltd.) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 03:41:49 \| 000,200,704 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006/11/02 03:36:50 \| 000,020,608 \| ---- \| M] (N-trig Innovative Technologies) [Kernel \| Disabled \| Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 03:30:54 \| 000,117,760 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006/10/18 22:10:57 \| 001,380,864 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2006/06/28 12:54:00 \| 000,009,472 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005/02/23 14:58:56 \| 000,011,776 \| ---- \| M] (Arcsoft, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2003/04/02 19:54:16 \| 000,020,648 \| ---- \| M] (Thomson Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\netrcacm.sys -- (netrcacm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ========== FireFox ========== FF - prefs.js..browser.search.suggest.enable d: false FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/" FF - prefs.js..extensions.enabledItems: [emailprotected]:1.0.0.07075003 FF - prefs.js..network.proxy.no_proxies_on: ".local" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 18:54:59 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 18:55:08 \| 000,000,000 \| ---D \| M] [2008/08/26 12:29:12 \| 000,000,000 \| ---D \| M] -- C:\Users\Kelly\AppData\Roaming\Mozilla\Extensions [2010/05/12 22:05:38 \| 000,000,000 \| ---D \| M] -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\awill9li.default\extensions [2009/07/06 10:14:06 \| 000,000,000 \| ---D \| M] (Microsoft .NET Framework Assistant) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\awill9li.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/04/30 22:54:04 \| 000,000,000 \| ---D \| M] -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\awill9li.default\extensions\[emailprotected] [2010/05/06 19:47:21 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2008/08/26 12:29:06 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\[emailprotected] [2007/06/21 18:38:54 \| 000,079,432 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll [2007/06/21 18:38:56 \| 000,071,240 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll [2007/06/21 18:39:18 \| 000,034,376 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll [2007/06/21 18:39:34 \| 000,325,200 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll [2007/04/16 13:07:12 \| 000,180,293 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2007/06/21 18:40:02 \| 000,030,280 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll O1 HOSTS File: ([2010/05/01 15:27:57 \| 000,000,027 \| ---- \| M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: att.com ([ufix] https in Trusted sites) O16 - DPF: {1123EDDF-7B5D-0451-C641-6BBA21AC5BEB} http://performanceoptimizer.com/files/PerformanceOptimizerPre_Installer.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM WINLOGON: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest Flowers.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest Flowers.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/07/25 08:42:24 \| 000,000,074 \| -HS- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/06/03 13:15:27 \| 000,000,000 \| ---D \| M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: SymEFA.sys - C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation) SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: SymEFA.sys - C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation) SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address BOOK 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - File not found Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/05/06 22:27:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ESET [2010/05/06 19:40:04 \| 000,000,000 \| ---D \| C] -- C:\_OTL [2010/05/02 23:41:02 \| 000,000,000 \| ---D \| C] -- C:\Users\Kelly\Desktop\Virus Removal [2010/05/02 18:49:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Kelly\AppData\Roaming\Malwarebytes [2010/05/02 18:49:19 \| 000,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/05/02 18:49:16 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2010/05/02 18:49:15 \| 000,020,952 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/05/02 18:49:14 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/01 15:39:15 \| 000,000,000 \| ---D \| C] -- C:\Users\Kelly\AppData\Local\temp [2010/05/01 15:28:10 \| 000,000,000 \| -HSD \| C] -- C:\$RECYCLE.BIN [2010/05/01 14:59:59 \| 000,161,792 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/05/01 14:59:59 \| 000,136,704 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/05/01 14:59:59 \| 000,031,232 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/05/01 14:59:42 \| 000,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2010/05/01 14:58:37 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2010/05/01 14:58:17 \| 000,212,480 \| ---- \| C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/04/14 00:02:00 \| 000,420,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010/04/14 00:01:47 \| 003,600,776 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/04/14 00:01:47 \| 003,548,040 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/04/14 00:01:20 \| 000,220,672 \| ---- \| C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010/04/14 00:01:20 \| 000,062,464 \| ---- \| C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm ========== Files - Modified Within 30 Days ========== [2010/05/13 17:50:00 \| 000,000,392 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{493F427F-30ED-496C-A6F2-D548E8738FE3}.job [2010/05/13 17:44:43 \| 003,670,016 \| -HS- \| M] () -- C:\Users\Kelly\NTUSER.DAT [2010/05/13 17:18:15 \| 000,003,296 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/13 17:18:14 \| 000,003,296 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/13 17:18:04 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2010/05/12 22:16:47 \| 000,000,322 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForKelly.job [2010/05/06 22:27:00 \| 002,672,312 \| ---- \| M] () -- C:\Users\Kelly\Desktop\esetsmartinstaller_enu.exe [2010/05/06 20:16:07 \| 000,000,237 \| ---- \| M] () -- C:\Users\Public\Documents\hpqp.ini [2010/05/06 20:15:16 \| 000,066,387 \| ---- \| M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.001 [2010/05/06 20:10:48 \| 000,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2010/05/06 20:10:37 \| 1005,473,792 \| -HS- \| M] () -- C:\hiberfil.sys [2010/05/06 20:10:34 \| 207,059,850 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2010/05/06 19:42:34 \| 000,524,288 \| -HS- \| M] () -- C:\Users\Kelly\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/05/06 19:42:34 \| 000,065,536 \| -HS- \| M] () -- C:\Users\Kelly\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/05/06 10:36:38 \| 000,221,568 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/05/02 23:42:22 \| 002,442,553 \| -H-- \| M] () -- C:\Users\Kelly\AppData\Local\IconCache.db [2010/05/01 15:33:03 \| 000,357,908 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/05/01 15:33:03 \| 000,325,536 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2010/05/01 15:33:03 \| 000,041,674 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2010/05/01 15:28:04 \| 000,000,215 \| ---- \| M] () -- C:\Windows\system.ini [2010/05/01 15:27:57 \| 000,000,027 \| ---- \| M] () -- C:\Windows\System32\drivers\etc\hosts [2010/04/29 20:06:54 \| 000,453,112 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/04/29 15:39:38 \| 000,038,224 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 \| 000,020,952 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/27 21:16:18 \| 000,053,148 \| ---- \| M] () -- C:\Users\Kelly\Desktop\Zonie and Barbie.php [2010/04/26 15:58:12 \| 000,256,512 \| ---- \| M] () -- C:\Windows\PEV.exe [2010/04/25 12:27:18 \| 000,000,336 \| ---- \| M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat ========== Files Created - No Company Name ========== [2010/05/06 22:26:37 \| 002,672,312 \| ---- \| C] () -- C:\Users\Kelly\Desktop\esetsmartinstaller_enu.exe [2010/05/06 19:52:02 \| 000,000,237 \| ---- \| C] () -- C:\Users\Public\Documents\hpqp.ini [2010/05/01 14:59:59 \| 000,256,512 \| ---- \| C] () -- C:\Windows\PEV.exe [2010/05/01 14:59:59 \| 000,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2010/05/01 14:59:59 \| 000,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2010/05/01 14:59:59 \| 000,077,312 \| ---- \| C] () -- C:\Windows\MBR.exe [2010/05/01 14:59:59 \| 000,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2010/04/27 21:15:40 \| 000,053,148 \| ---- \| C] () -- C:\Users\Kelly\Desktop\Zonie and Barbie.php [2009/08/07 19:47:16 \| 000,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2008/12/20 15:26:24 \| 000,033,280 \| ---- \| C] () -- C:\Windows\System32\Sp32w.dll [2008/12/20 15:26:19 \| 000,162,304 \| ---- \| C] () -- C:\Windows\System32\DLWBC31.DLL [2008/12/20 15:19:39 \| 000,001,025 \| ---- \| C] () -- C:\Windows\System32\texfsal.dll [2008/12/20 15:19:39 \| 000,000,204 \| ---- \| C] () -- C:\Windows\System32\gb2m0jj.dll [2008/12/20 15:19:37 \| 000,001,025 \| ---- \| C] () -- C:\Windows\System32\grcauth2.dll [2008/12/20 15:19:37 \| 000,001,025 \| ---- \| C] () -- C:\Windows\System32\grcauth1.dll [2008/12/20 15:19:37 \| 000,000,100 \| ---- \| C] () -- C:\Windows\System32\prsgrc.dll [2008/12/20 15:19:36 \| 000,001,025 \| ---- \| C] () -- C:\Windows\System32\clauth2.dll [2008/12/20 15:19:36 \| 000,001,025 \| ---- \| C] () -- C:\Windows\System32\clauth1.dll [2008/12/20 15:19:36 \| 000,000,072 \| ---- \| C] () -- C:\Windows\System32\ssprs.dll [2008/12/20 15:19:32 \| 000,000,016 \| -H-- \| C] () -- C:\Windows\System32\z8ttb22.dll [2008/11/05 16:59:37 \| 000,000,039 \| ---- \| C] () -- C:\Windows\WININIT.INI [2008/11/04 13:55:33 \| 000,000,000 \| ---- \| C] () -- C:\Windows\setup32.INI [2008/10/15 00:08:16 \| 000,000,000 \| ---- \| C] () -- C:\Windows\game.INI [2008/08/22 17:33:11 \| 000,000,094 \| ---- \| C] () -- C:\Windows\MusicRip.ini [2008/01/16 16:01:01 \| 000,000,383 \| ---- \| C] () -- C:\Windows\System32\haspdos.sys [2008/01/04 17:46:48 \| 000,044,544 \| ---- \| C] () -- C:\Windows\System32\gif89.dll [2008/01/04 17:46:19 \| 000,000,529 \| ---- \| C] () -- C:\Windows\SIERRA.INI [2007/10/04 13:34:43 \| 000,000,376 \| ---- \| C] () -- C:\Windows\ODBC.INI [2007/10/03 22:24:22 \| 000,000,097 \| ---- \| C] () -- C:\Windows\System32\PICSDK.ini [2007/10/03 22:18:59 \| 000,000,025 \| ---- \| C] () -- C:\Windows\EPCX8400.ini [2007/07/16 11:58:10 \| 000,197,408 \| ---- \| C] () -- C:\Windows\System32\vpnapi.dll [2007/02/27 16:43:02 \| 000,000,000 \| ---- \| C] () -- C:\Windows\System32\px.ini [2006/12/14 02:01:36 \| 000,520,192 \| ---- \| C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/14 02:01:36 \| 000,204,800 \| ---- \| C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 08:35:32 \| 000,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:25:21 \| 000,061,440 \| ---- \| C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 03:40:29 \| 000,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2006/05/04 11:36:14 \| 000,245,760 \| R--- \| C] () -- C:\Windows\System32\setupsup.dll ========== Custom Scans ========== < %systemroot%\. /mp /s > < %systemroot%\system32\.dll /lockedfiles > [2009/03/08 07:31:42 \| 000,348,160 \| ---- \| M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009/03/08 07:31:37 \| 000,216,064 \| ---- \| M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009/04/11 02:27:47 \| 000,241,128 \| ---- \| M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009/04/11 02:28:23 \| 000,228,352 \| ---- \| M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\system32\.exe /lockedfiles > < %systemroot%\Tasks\.job /lockedfiles > < %systemroot%\system32\drivers\.sys /lockedfiles > < %systemroot%\System32\config\.sav > [2006/11/02 06:34:05 \| 000,008,192 \| ---- \| M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 06:34:05 \| 000,020,480 \| ---- \| M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 06:34:05 \| 000,008,192 \| ---- \| M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 \| 010,133,504 \| ---- \| M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 \| 001,826,816 \| ---- \| M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\.sys > [2006/11/02 03:09:42 \| 000,009,029 \| ---- \| M] () -- C:\Windows\System32\ANSI.SYS [2009/04/11 02:32:46 \| 000,245,736 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys [2006/11/02 03:09:45 \| 000,027,097 \| ---- \| M] () -- C:\Windows\System32\country.sys [2008/01/16 16:01:01 \| 000,000,383 \| ---- \| M] () -- C:\Windows\System32\haspdos.sys [2006/11/02 03:09:41 \| 000,004,768 \| ---- \| M] () -- C:\Windows\System32\HIMEM.SYS [2006/11/02 03:09:44 \| 000,042,809 \| ---- \| M] () -- C:\Windows\System32\KEY01.SYS [2006/11/02 03:09:44 \| 000,042,537 \| ---- \| M] () -- C:\Windows\System32\KEYBOARD.SYS [2006/11/02 03:09:29 \| 000,027,866 \| ---- \| M] () -- C:\Windows\System32\NTDOS.SYS [2006/11/02 03:09:35 \| 000,029,146 \| ---- \| M] () -- C:\Windows\System32\NTDOS404.SYS [2006/11/02 03:09:38 \| 000,029,370 \| ---- \| M] () -- C:\Windows\System32\NTDOS411.SYS [2006/11/02 03:09:40 \| 000,029,274 \| ---- \| M] () -- C:\Windows\System32\NTDOS412.SYS [2006/11/02 03:09:31 \| 000,029,146 \| ---- \| M] () -- C:\Windows\System32\NTDOS804.SYS [2006/11/02 03:09:20 \| 000,033,952 \| ---- \| M] () -- C:\Windows\System32\NTIO.SYS [2006/11/02 03:09:23 \| 000,034,672 \| ---- \| M] () -- C:\Windows\System32\NTIO404.SYS [2006/11/02 03:09:24 \| 000,035,776 \| ---- \| M] () -- C:\Windows\System32\NTIO411.SYS [2006/11/02 03:09:26 \| 000,035,536 \| ---- \| M] () -- C:\Windows\System32\NTIO412.SYS [2006/11/02 03:09:22 \| 000,034,672 \| ---- \| M] () -- C:\Windows\System32\NTIO804.SYS [2009/08/14 09:27:17 \| 002,036,736 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys < %systemroot%\system32\drivers\.dll > < %systemroot%\system32\drivers\.ini > < %systemroot%\system32\drivers\.exe > [2007/07/10 07:28:08 \| 000,386,560 \| ---- \| M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe < %SYSTEMDRIVE%\. > [2008/08/22 17:34:09 \| 000,000,020 \| -HS- \| M] () -- C:\ArcDeviceInfo [2007/07/25 08:42:24 \| 000,000,074 \| -HS- \| M] () -- C:\autoexec.bat [2009/04/11 02:36:36 \| 000,333,257 \| RHS- \| M] () -- C:\bootmgr [2010/05/01 15:45:07 \| 000,023,929 \| ---- \| M] () -- C:\ComboFix Log File 05012010.txt [2010/05/01 15:39:13 \| 000,023,929 \| ---- \| M] () -- C:\ComboFix.txt [2006/09/18 17:43:37 \| 000,000,010 \| -HS- \| M] () -- C:\config.sys [2010/05/06 20:10:37 \| 1005,473,792 \| -HS- \| M] () -- C:\hiberfil.sys [2008/07/18 21:02:22 \| 000,000,016 \| -HS- \| M] () -- C:\HPCD.sys [2008/01/04 17:46:13 \| 000,000,000 \| RHS- \| M] () -- C:\IO.SYS [2008/12/06 17:16:45 \| 000,000,806 \| -H-- \| M] () -- C:\IPH.PH [2007/11/18 22:06:28 \| 000,053,364 \| ---- \| M] () -- C:\lma_log.html [2007/12/13 17:25:29 \| 000,002,011 \| ---- \| M] () -- C:\log.html [2008/01/04 17:46:13 \| 000,000,000 \| RHS- \| M] () -- C:\MSDOS.SYS [2007/12/13 17:02:05 \| 000,000,826 \| ---- \| M] () -- C:\net_save.dna [2010/05/06 20:10:34 \| 1319,297,024 \| -HS- \| M] () -- C:\pagefile.sys [2008/07/18 21:02:21 \| 000,000,020 \| RHS- \| M] () -- C:\RCBoot.sys [2008/02/15 00:01:50 \| 000,000,086 \| ---- \| M] () -- C:\setup.log [2008/07/18 20:55:17 \| 000,000,043 \| ---- \| M] () -- C:\Writer.ini < %PROGRAMFILES%\. > [2008/12/08 14:21:55 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Adobe [2008/12/06 17:05:38 \| 000,000,000 \| ---D \| M] -- C:\Program Files\AIM6 [2009/06/04 08:54:03 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Amazon [2009/01/07 23:14:09 \| 000,000,000 \| ---D \| M] -- C:\Program Files\AOL Games [2007/07/25 07:24:06 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Apoint2K [2009/07/04 17:36:59 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Apple Software Update [2008/08/22 17:25:46 \| 000,000,000 \| ---D \| M] -- C:\Program Files\ArcSoft [2009/07/15 01:30:42 \| 000,000,000 \| ---D \| M] -- C:\Program Files\ATT-SST [2009/07/04 17:40:17 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Bonjour [2007/12/27 18:05:34 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Chief Architect Inc [2008/06/05 16:04:12 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Cisco Systems [2009/07/25 16:57:07 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Citrix [2010/05/01 15:11:29 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Common Files [2008/02/24 23:42:56 \| 000,000,000 \| ---D \| M] -- C:\Program Files\CONEXANT [2008/01/10 00:16:27 \| 000,000,000 \| ---D \| M] -- C:\Program Files\directx [2008/02/04 01:02:52 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Disney [2008/03/11 14:56:52 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Dreamcatcher [2009/11/23 21:48:39 \| 000,000,000 \| ---D \| M] -- C:\Program Files\EA GAMES [2008/02/22 14:03:58 \| 000,000,000 \| ---D \| M] -- C:\Program Files\EndNote X1 [2007/10/03 22:43:21 \| 000,000,000 \| ---D \| M] -- C:\Program Files\epson [2010/05/06 22:27:33 \| 000,000,000 \| ---D \| M] -- C:\Program Files\ESET [2008/11/05 13:31:52 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Games A Go-Go [2007/12/13 17:31:08 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Google [2009/04/07 01:04:55 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Hewlett-Packard [2007/12/14 20:01:48 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Hobbyware [2008/10/08 21:13:23 \| 000,000,000 \| ---D \| M] -- C:\Program Files\HP [2007/07/25 08:40:28 \| 000,000,000 \| ---D \| M] -- C:\Program Files\HP Games [2007/07/25 08:48:22 \| 000,000,000 \| ---D \| M] -- C:\Program Files\HPQ [2009/01/06 21:36:21 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Informax Installations [2008/08/22 17:27:10 \| 000,000,000 \| ---D \| M] -- C:\Program Files\INITIO [2009/11/23 21:48:41 \| 000,000,000 \| -H-D \| M] -- C:\Program Files\InstallShield Installation Information [2010/05/01 15:20:22 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Internet Explorer [2007/11/01 19:49:47 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Invitrogen [2009/09/12 14:08:32 \| 000,000,000 \| ---D \| M] -- C:\Program Files\iPhone Configuration Utility [2010/03/21 18:13:23 \| 000,000,000 \| ---D \| M] -- C:\Program Files\iPod [2010/03/21 18:14:46 \| 000,000,000 \| ---D \| M] -- C:\Program Files\iTunes [2009/04/07 01:26:18 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Java [2007/12/15 00:19:14 \| 000,000,000 \| ---D \| M] -- C:\Program Files\LightScribeTemplateLabeler [2009/01/27 19:50:37 \| 000,000,000 \| ---D \| M] -- C:\Program Files\LimeWire [2010/05/02 18:49:29 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/04 21:15:55 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft [2007/10/04 22:35:05 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2008/01/02 23:19:47 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Games [2007/11/11 01:20:47 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Office [2009/07/04 21:43:24 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Office Outlook Connector [2010/01/22 04:45:08 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Silverlight [2009/07/04 21:08:26 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009/07/04 21:13:00 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Sync Framework [2007/11/11 01:20:01 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Visual Studio [2007/11/11 01:09:39 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Visual Studio 8 [2009/10/16 03:28:17 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft Works [2007/11/11 01:18:42 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Microsoft.NET [2010/03/12 04:38:09 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Movie Maker [2010/04/09 18:55:09 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox [2007/11/11 01:21:13 \| 000,000,000 \| ---D \| M] -- C:\Program Files\MSBuild [2009/07/04 21:41:14 \| 000,000,000 \| ---D \| M] -- C:\Program Files\MSECache [2007/10/09 22:23:54 \| 000,000,000 \| ---D \| M] -- C:\Program Files\MSXML 4.0 [2007/07/25 08:41:49 \| 000,000,000 \| ---D \| M] -- C:\Program Files\muvee Technologies [2009/11/26 21:40:41 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Nancy Drew [2008/10/23 23:51:59 \| 000,000,000 \| ---D \| M] -- C:\Program Files\NancyDrew [2009/04/02 23:44:58 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Norton AntiVirus [2009/04/02 23:37:13 \| 000,000,000 \| ---D \| M] -- C:\Program Files\NortonInstaller [2007/10/04 01:58:45 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Online Services [2010/03/21 18:08:27 \| 000,000,000 \| ---D \| M] -- C:\Program Files\QuickTime [2006/11/02 08:37:34 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Reference Assemblies [2007/07/25 08:02:12 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Roxio [2008/01/04 18:16:20 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Sierra On-Line [2008/12/20 15:26:11 \| 000,000,000 \| ---D \| M] -- C:\Program Files\SigmaPlot [2008/12/20 15:20:53 \| 000,000,000 \| ---D \| M] -- C:\Program Files\SigmaStat [2008/08/26 11:59:09 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Sun [2007/12/13 17:01:44 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Support.com [2009/08/31 19:38:28 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Symantec [2008/11/17 22:31:19 \| 000,000,000 \| ---D \| M] -- C:\Program Files\The Learning Company [2008/03/11 15:04:17 \| 000,000,000 \| ---D \| M] -- C:\Program Files\TMOTM [2006/11/02 09:01:55 \| 000,000,000 \| -H-D \| M] -- C:\Program Files\Uninstall Information [2007/10/04 00:13:59 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Vector NTI 10 Distributive [2007/10/05 20:48:40 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Viewpoint [2007/12/14 15:04:35 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Webshots [2009/10/18 15:25:10 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Westward [2010/01/11 19:40:24 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Westward II Heroes Of The Frontier [2010/02/09 19:35:13 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Westward III Gold Rush [2010/03/28 18:41:46 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Westward IV All Aboard [2009/09/07 01:53:52 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Wild West Quest 2 [2009/09/07 01:28:08 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Calendar [2009/09/07 01:28:07 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Collaboration [2009/09/07 01:28:05 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Defender [2009/09/07 01:28:07 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Journal [2009/07/04 21:14:22 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Live [2009/07/04 21:04:20 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Live SkyDrive [2010/05/13 03:08:34 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Mail [2009/10/29 03:04:05 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Media Player [2006/11/02 08:37:34 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows NT [2009/09/07 01:28:07 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Photo Gallery [2009/11/17 04:29:42 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Portable Devices [2009/09/07 01:28:07 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Windows Sidebar < %appdata%\.* > [2010/05/06 20:15:16 \| 000,066,387 \| ---- \| M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.001 [2010/04/05 19:18:28 \| 000,066,387 \| ---- \| M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.dat [2010/04/25 12:27:18 \| 000,000,336 \| ---- \| M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat < MD5 for: AGP440.SYS > [2008/01/19 03:42:25 \| 000,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 03:42:25 \| 000,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 03:42:25 \| 000,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 03:42:25 \| 000,056,376 \| ---- \| M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007/07/25 08:50:38 \| 000,053,864 \| ---- \| M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007/07/25 08:50:38 \| 000,053,864 \| ---- \| M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007/07/25 08:50:38 \| 000,053,864 \| ---- \| M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006/11/02 05:49:52 \| 000,053,864 \| ---- \| M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys [2006/11/02 05:49:52 \| 000,053,864 \| ---- \| M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 05:49:52 \| 000,053,864 \| ---- \| M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 02:32:26 \| 000,019,944 \| ---- \| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009/04/11 02:32:26 \| 000,019,944 \| ---- \| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 02:32:26 \| 000,019,944 \| ---- \| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 02:32:26 \| 000,019,944 \| ---- \| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 03:41:30 \| 000,021,560 \| ---- \| M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 03:41:30 \| 000,021,560 \| ---- \| M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 05:49:36 \| 000,019,048 \| ---- \| M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/02/14 04:08:42 \| 000,021,560 \| ---- \| M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/02/14 04:08:42 \| 000,021,560 \| ---- \| M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/14 04:08:41 \| 000,021,560 \| ---- \| M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 05:46:03 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006/11/02 05:46:03 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 05:46:03 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: DISK.SYS > [2009/04/11 02:32:31 \| 000,053,736 \| ---- \| M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys [2009/04/11 02:32:31 \| 000,053,736 \| ---- \| M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys [2009/04/11 02:32:31 \| 000,053,736 \| ---- \| M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys [2008/01/19 03:42:20 \| 000,055,352 \| ---- \| M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys [2008/01/19 03:42:20 \| 000,055,352 \| ---- \| M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys [2006/11/02 05:49:51 \| 000,052,840 \| ---- \| M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys < MD5 for: IASTORV.SYS > [2008/01/19 03:42:51 \| 000,235,064 \| ---- \| M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 03:42:51 \| 000,235,064 \| ---- \| M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 05:51:25 \| 000,232,040 \| ---- \| M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 05:51:25 \| 000,232,040 \| ---- \| M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 05:46:11 \| 000,559,616 \| ---- \| M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 02:28:23 \| 000,592,896 \| ---- \| M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009/04/11 02:28:23 \| 000,592,896 \| ---- \| M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 02:28:23 \| 000,592,896 \| ---- \| M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 03:35:36 \| 000,592,384 \| ---- \| M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 05:50:13 \| 000,040,040 \| ---- \| M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 05:50:13 \| 000,040,040 \| ---- \| M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 03:42:09 \| 000,045,112 \| ---- \| M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 03:42:09 \| 000,045,112 \| ---- \| M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 03:36:19 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 05:46:12 \| 000,176,640 \| ---- \| M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 02:28:24 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009/04/11 02:28:24 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 02:28:24 \| 000,177,152 \| ---- \| M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USBSTOR.SYS > [2007/10/04 21:42:37 \| 000,055,296 \| ---- \| M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS [2007/10/04 21:42:37 \| 000,055,296 \| ---- \| M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS [2007/10/04 21:42:37 \| 000,055,296 \| ---- \| M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS [2008/01/19 01:53:22 \| 000,055,296 \| ---- \| M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS [2008/01/19 01:53:22 \| 000,055,296 \| ---- \| M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS [2009/04/11 00:42:55 \| 000,065,536 \| ---- \| M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS [2009/04/11 00:42:55 \| 000,065,536 \| ---- \| M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS [2009/04/11 00:42:55 \| 000,065,536 \| ---- \| M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS [2006/11/02 04:55:05 \| 000,054,784 \| ---- \| M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-13 21:39:34 ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CD15C3 < End of report > There wasn't an Extras file that was created that I can find. Your logs are clean. To manually create a new Restore Point Go to Control Panel and select System and Maintenance Select System On the left select Advance System Settings and accept the warning if you get one Select System Protection Tab Select Create at the bottom Type in a name i.e. Clean Select Create Now we can purge the INFECTED ones Go back to the System and Maintenance page Select Performance Information and Tools On the left select Open Disk Cleanup Select Files from all users and accept the warning if you get one In the drop down box select your main drive i.e. C For a few moments the system will make some calculations Select the More Options tab In the System Restore and Shadow Backups select Clean up Select Delete on the pop up Select OK Select Delete You are now done To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. == Please download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. == Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Answer»

Please run a free online scan with the ESET Online Scanner

Tick the BOX next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

I am having trouble getting the scan started. I am getting a message saying "Can not get update. Is proxy configured?". Should I reconfigure it (since I previously disabled for the last scan)?No. Weird.

Hi

Download OTL to your Desktop. (If you ALREADY have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Here is the first half of the OTL.Txt file:

OTL logfile created on: 5/13/2010 5:44:35 PM - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Kelly\Desktop\Virus Removal
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 45.46 Gb Free Space | 32.71% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 9.99 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRANCESCA
Current User Name: Kelly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/02 22:40:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\Virus Removal\OTL.exe
PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/22 02:32:54 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/07/02 19:02:45 | 000,296,208 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/28 14:54:23 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

========== Modules (SafeList) ==========

MOD - [2010/05/02 22:40:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\Virus Removal\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 02:32:54 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/07/02 19:02:45 | 000,296,208 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100513.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100513.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/03 21:02:30 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/10/28 18:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/08/31 19:38:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 02:32:55 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 02:32:55 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 02:32:55 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 02:32:55 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 02:32:55 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 02:32:55 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 02:32:55 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 02:32:45 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/01/30 19:23:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/30 19:23:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/16 16:01:01 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/10/13 00:50:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/13 00:50:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/09/19 21:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/08/01 08:42:32 | 000,164,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/07 01:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/20 04:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 04:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 04:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/03/06 09:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/04/02 19:54:16 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netrcacm.sys -- (netrcacm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enable d: false
FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: [emailprotected]:1.0.0.07075003
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 18:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 18:55:08 | 000,000,000 | ---D | M]

[2008/08/26 12:29:12 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Mozilla\Extensions
[2010/05/12 22:05:38 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\awill9li.default\extensions
[2009/07/06 10:14:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\awill9li.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/30 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\awill9li.default\extensions\[emailprotected]
[2010/05/06 19:47:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/26 12:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[emailprotected]
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/05/01 15:27:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: att.com ([ufix] https in Trusted sites)
O16 - DPF: {1123EDDF-7B5D-0451-C641-6BBA21AC5BEB} http://performanceoptimizer.com/files/PerformanceOptimizerPre_Installer.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM WINLOGON: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest Flowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest Flowers.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/25 08:42:24 | 000,000,074 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/03 13:15:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SymEFA.sys - C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address BOOK 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 22:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/06 19:40:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/02 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Desktop\Virus Removal
[2010/05/02 18:49:38 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Roaming\Malwarebytes
[2010/05/02 18:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/02 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/02 18:49:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/02 18:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/01 15:39:15 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Local\temp
[2010/05/01 15:28:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/01 14:59:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/01 14:59:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/01 14:59:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/01 14:59:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/01 14:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/01 14:58:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/14 00:02:00 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 00:01:47 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 00:01:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 00:01:20 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 00:01:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

========== Files - Modified Within 30 Days ==========

[2010/05/13 17:50:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{493F427F-30ED-496C-A6F2-D548E8738FE3}.job
[2010/05/13 17:44:43 | 003,670,016 | -HS- | M] () -- C:\Users\Kelly\NTUSER.DAT
[2010/05/13 17:18:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 17:18:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 17:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 22:16:47 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKelly.job
[2010/05/06 22:27:00 | 002,672,312 | ---- | M] () -- C:\Users\Kelly\Desktop\esetsmartinstaller_enu.exe
[2010/05/06 20:16:07 | 000,000,237 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/06 20:15:16 | 000,066,387 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.001
[2010/05/06 20:10:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/06 20:10:37 | 1005,473,792 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 20:10:34 | 207,059,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/06 19:42:34 | 000,524,288 | -HS- | M] () -- C:\Users\Kelly\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 19:42:34 | 000,065,536 | -HS- | M] () -- C:\Users\Kelly\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/02 23:42:22 | 002,442,553 | -H-- | M] () -- C:\Users\Kelly\AppData\Local\IconCache.db
[2010/05/01 15:33:03 | 000,357,908 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/01 15:33:03 | 000,325,536 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/01 15:33:03 | 000,041,674 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/01 15:28:04 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/01 15:27:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/29 20:06:54 | 000,453,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 21:16:18 | 000,053,148 | ---- | M] () -- C:\Users\Kelly\Desktop\Zonie and Barbie.php
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 12:27:18 | 000,000,336 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2010/05/06 22:26:37 | 002,672,312 | ---- | C] () -- C:\Users\Kelly\Desktop\esetsmartinstaller_enu.exe
[2010/05/06 19:52:02 | 000,000,237 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/01 14:59:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/01 14:59:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/01 14:59:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/01 14:59:59 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/01 14:59:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/27 21:15:40 | 000,053,148 | ---- | C] () -- C:\Users\Kelly\Desktop\Zonie and Barbie.php
[2009/08/07 19:47:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/20 15:26:24 | 000,033,280 | ---- | C] () -- C:\Windows\System32\Sp32w.dll
[2008/12/20 15:26:19 | 000,162,304 | ---- | C] () -- C:\Windows\System32\DLWBC31.DLL
[2008/12/20 15:19:39 | 000,001,025 | ---- | C] () -- C:\Windows\System32\texfsal.dll
[2008/12/20 15:19:39 | 000,000,204 | ---- | C] () -- C:\Windows\System32\gb2m0jj.dll
[2008/12/20 15:19:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2008/12/20 15:19:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2008/12/20 15:19:37 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2008/12/20 15:19:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/12/20 15:19:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/12/20 15:19:36 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008/12/20 15:19:32 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\z8ttb22.dll
[2008/11/05 16:59:37 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/11/04 13:55:33 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/10/15 00:08:16 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI
[2008/08/22 17:33:11 | 000,000,094 | ---- | C] () -- C:\Windows\MusicRip.ini
[2008/01/16 16:01:01 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2008/01/04 17:46:48 | 000,044,544 | ---- | C] () -- C:\Windows\System32\gif89.dll
[2008/01/04 17:46:19 | 000,000,529 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/10/04 13:34:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/03 22:24:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/10/03 22:18:59 | 000,000,025 | ---- | C] () -- C:\Windows\EPCX8400.ini
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/04 11:36:14 | 000,245,760 | R--- | C] () -- C:\Windows\System32\setupsup.dll

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2008/01/16 16:01:01 | 000,000,383 | ---- | M] () -- C:\Windows\System32\haspdos.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/14 09:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/07/10 07:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2008/08/22 17:34:09 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2007/07/25 08:42:24 | 000,000,074 | -HS- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/05/01 15:45:07 | 000,023,929 | ---- | M] () -- C:\ComboFix Log File 05012010.txt
[2010/05/01 15:39:13 | 000,023,929 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | -HS- | M] () -- C:\config.sys
[2010/05/06 20:10:37 | 1005,473,792 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/18 21:02:22 | 000,000,016 | -HS- | M] () -- C:\HPCD.sys
[2008/01/04 17:46:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/06 17:16:45 | 000,000,806 | -H-- | M] () -- C:\IPH.PH
[2007/11/18 22:06:28 | 000,053,364 | ---- | M] () -- C:\lma_log.html
[2007/12/13 17:25:29 | 000,002,011 | ---- | M] () -- C:\log.html
[2008/01/04 17:46:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/12/13 17:02:05 | 000,000,826 | ---- | M] () -- C:\net_save.dna
[2010/05/06 20:10:34 | 1319,297,024 | -HS- | M] () -- C:\pagefile.sys
[2008/07/18 21:02:21 | 000,000,020 | RHS- | M] () -- C:\RCBoot.sys
[2008/02/15 00:01:50 | 000,000,086 | ---- | M] () -- C:\setup.log
[2008/07/18 20:55:17 | 000,000,043 | ---- | M] () -- C:\Writer.ini

< %PROGRAMFILES%\*. >
[2008/12/08 14:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/06 17:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/06/04 08:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/01/07 23:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Games
[2007/07/25 07:24:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2009/07/04 17:36:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/08/22 17:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/07/15 01:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2009/07/04 17:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/12/27 18:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Chief Architect Inc
[2008/06/05 16:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2009/07/25 16:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/05/01 15:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/02/24 23:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/01/10 00:16:27 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2008/02/04 01:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2008/03/11 14:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dreamcatcher
[2009/11/23 21:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2008/02/22 14:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\EndNote X1
[2007/10/03 22:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/05/06 22:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/11/05 13:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Games A Go-Go
[2007/12/13 17:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/04/07 01:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/12/14 20:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Hobbyware
[2008/10/08 21:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2007/07/25 08:40:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2007/07/25 08:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2009/01/06 21:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Informax Installations
[2008/08/22 17:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\INITIO
[2009/11/23 21:48:41 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/01 15:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/11/01 19:49:47 | 000,000,000 | ---D | M] -- C:\Program Files\Invitrogen
[2009/09/12 14:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2010/03/21 18:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/21 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/07 01:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/12/15 00:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\LightScribeTemplateLabeler
[2009/01/27 19:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/05/02 18:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/04 21:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/04 22:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/01/02 23:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2007/11/11 01:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/07/04 21:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/01/22 04:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/04 21:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/04 21:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2007/11/11 01:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2007/11/11 01:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/16 03:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/11/11 01:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/12 04:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/09 18:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/11/11 01:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/04 21:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007/10/09 22:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/07/25 08:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2009/11/26 21:40:41 | 000,000,000 | ---D | M] -- C:\Program Files\Nancy Drew
[2008/10/23 23:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\NancyDrew
[2009/04/02 23:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus
[2009/04/02 23:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2007/10/04 01:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/03/21 18:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/07/25 08:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/01/04 18:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2008/12/20 15:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaPlot
[2008/12/20 15:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaStat
[2008/08/26 11:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2007/12/13 17:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Support.com
[2009/08/31 19:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/11/17 22:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company
[2008/03/11 15:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\TMOTM
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/10/04 00:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Vector NTI 10 Distributive
[2007/10/05 20:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2007/12/14 15:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots
[2009/10/18 15:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\Westward
[2010/01/11 19:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Westward II Heroes Of The Frontier
[2010/02/09 19:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Westward III Gold Rush
[2010/03/28 18:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Westward IV All Aboard
[2009/09/07 01:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Wild West Quest 2
[2009/09/07 01:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/09/07 01:28:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/07/04 21:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/04 21:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/13 03:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/29 03:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 04:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2010/05/06 20:15:16 | 000,066,387 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.001
[2010/04/05 19:18:28 | 000,066,387 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.dat
[2010/04/25 12:27:18 | 000,000,336 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat

< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 04:08:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 04:08:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 04:08:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/10/04 21:42:37 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/10/04 21:42:37 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/10/04 21:42:37 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-13 21:39:34

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CD15C3
< End of report >
There wasn't an Extras file that was created that I can find. Your logs are clean.

To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the INFECTED ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive i.e. C
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Solve : Application cannot be executed. The file...is infected.?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment